Over 1000 US businesses could have had customer data stolen by malware

Yesterday, a popular US chain announced that point-of-sale malware called “Backoff” used third party vendor credentials to access its customer details.

395 of the Dairy Queen’s 4500 restaurants were affected by the attack, which harvested details for a period of at least three weeks in August.

Stolen information included customer names, and card information such as card numbers and expiration dates. Dairy Queen has said that no further customer information, such as email addresses or PIN and Social Security numbers were taken.

Backoff first surfaced in October last year and works by collecting payment card data from a computer’s RAM in the short period between the card being swiped and the data being encrypted. The US Department of Homeland Security said in August that card readers at over 1000 businesses could be affected by Backoff or similar malware.

So far, UK businesses do not appear to have been targeted, but SMEs are urged to take action to protect themselves.